This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project consists of the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A Python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure static and dynamic sink situations are handled. This is by no means every primitive or technique variation. The post above goes into more detail.


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User
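
From the detection side, the scenario above leaves a recognizable trace: a DLL whose name belongs to System32 (wkscli.dll) is loaded from the directory of the executable instead. The following is an added example, not part of this project's code; it assumes image-load events carrying Sysmon Event ID 7 field names, and the sample events, paths and DLL inventory are constructed.

```python
import ntpath

# Directories from which Windows system DLLs are expected to load.
SYSTEM_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
)

# Constructed inventory of DLL names that ship in System32 (assumption: a real
# deployment would build this from a directory listing of a clean host).
SYSTEM_DLL_NAMES = {"wkscli.dll", "kernel32.dll", "netapi32.dll", "version.dll"}

# Constructed image-load events using Sysmon Event ID 7 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\whoami.exe",
     "ImageLoaded": r"C:\Windows\System32\wkscli.dll", "Signed": "true"},
    {"Image": r"C:\Users\User\test\whoami.exe",
     "ImageLoaded": r"C:\Users\User\test\wkscli.dll", "Signed": "false"},
    {"Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Program Files\App\applib.dll", "Signed": "true"},
]

def in_system_dir(path):
    """True when path lies under one of the expected system directories."""
    folder = ntpath.dirname(ntpath.normpath(path)).lower()
    return any(folder == d or folder.startswith(d + "\\") for d in SYSTEM_DIRS)

def find_shadowed_loads(events):
    """Return findings for system-named DLLs loaded from outside system dirs."""
    findings = []
    for ev in events:
        loaded = ev["ImageLoaded"]
        name = ntpath.basename(loaded).lower()
        if name not in SYSTEM_DLL_NAMES or in_system_dir(loaded):
            continue
        exe_dir = ntpath.dirname(ev["Image"]).lower()
        findings.append({
            "process": ev["Image"],
            "dll": loaded,
            "beside_executable": ntpath.dirname(loaded).lower() == exe_dir,
            "unsigned": ev.get("Signed", "false").lower() != "true",
        })
    return findings

if __name__ == "__main__":
    for finding in find_shadowed_loads(SAMPLE_EVENTS):
        print(finding)
```

Only the second sample event is reported: the DLL name matches a system library, but it was loaded from beside the executable and carries no valid signature.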


